[TUT][ICS] bypass Credential Storage phone lock / install certificates

Search This thread
By:
Advanced…
E

.eXa

New member
Jun 21, 2012
3
16
Aachen
Hello folks,

idk if anyone of you guys had a hard time with the same annoying 'feature' on ics roms which forces you to set a PIN/password/pattern lock when you try to install enterprise certificates into your credential storage.

As for myself I need some of these certs to log into the WLAN at my university (which is 802.1x protected). But I don't feel the need of locking my phone.

So I exploited this to go around setting a password for the secure lock screen.

-------------------------------------------------------------------------------

Prerequisites are a rooted phone, a root file browser or adb tools and apparently your certificates.

I tested this on AOKP build 38 and 39 on a rooted HTC Sensation XE and will check this on two other devices the upcoming week.

UPDATE: seems to work even easier, I made the changes inline since the previous workaround did not work in every case.



Step 1:
Download the certificates to your SD card and/or install directly via browser/email etc. Do as you are asked and set up a PIN/password/pattern lock. Remember it ;)

Step 2:
now with your root file browser go to /data/misc/ and recursively copy the folders keychain and keystore to a save place.
These are the folders containing the certificate files.
(See [System settings > security > Trusted credentials] for installed certificates)

With adb tools you can for example do this:

Code: 
adb shell
su
cp -R /data/misc/keychain /sdcard/certificates/
cp -R /data/misc/keystore /sdcard/certificates/
Step 3:
Go to [System settings > security] and click [Clear credentials] at the bottom of the menu. Now your previously installed certs are wiped and you are free to set the lock method to [none], [slide] or [face lock] again.

Step 4:
Finally fire up your root file browser again, set /system as read/write and copy the in Step 2 backed up directories back to /data/misc/. They are now installed as the before but since CertInstaller.apk does not get involved, noone forces you to lock your phone.

in adb shell:
Code: 
cp -R /sdcard/certificates/* /data/misc/
Now you should be able to find your newly added certificates in the System list under [System Settings > Security > Trusted credentials] in the [User] tab and thus be able to log into your desired WLAN.

I hope this helps some people out there. When I get deeper into developing maybe I will find a 'cleaner' method for this.

have a good night,

.eXa
 
Last edited:
  • Like
Reactions: RelaxedMind, rockernaxo, AdamT6 and 12 others
G

grievous2004

Senior Member
Oct 23, 2010
56
23
Google Pixel 6 Pro
Google Pixel 6
Thank you for sharing! I have been really looking for this kind of hack.
Sadly I can't use it as my certificate has a different structure: it seems to install 3 files in /data/misc/keystore/
The files are 1000_USRCERT_Polimi ; 1000_USRCERT_Polimi and .masterkey
I tried copying these files to the new directory and even changing the file extension but it did not work.
I don't know if this issue is rom or certificate related.. anyway I am using a stock rom on samsung galaxy s3.. perhaps samsung manages differently certificates..
Have you any clue on this? Thank you!
 
E

.eXa

New member
Jun 21, 2012
3
16
Aachen
hey, thanks for the reply.

alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.

greetings
 
Last edited:
G

grievous2004

Senior Member
Oct 23, 2010
56
23
Google Pixel 6 Pro
Google Pixel 6
.eXa said:
hey, thanks for the reply.

alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.

greetings
Click to expand...
Click to collapse

You were fast! :D and I think you made it: I can now select the certificate in the wifi options dialog (so it's correctly installed).. but I can't test the access to the network until monday.. Anyway I am convinced that it made the trick and it was really simple, I must say.
Thank you so much , this will be useful to many people!
 
Grgur

Grgur

Member
Aug 20, 2008
45
18
Gdansk
Your trick helped me only partially. It allowed me to install the certificates just fine. But as soon as I try to connect to any 802.1x protected Wi-Fi network, the phone bugs me again with setting the screen lock. So I need a workaround for accessing the key storage.
 
G

grievous2004

Senior Member
Oct 23, 2010
56
23
Google Pixel 6 Pro
Google Pixel 6
I tried it and sadly it does not work: it asks me a password to activate the credential storage.. only problem is that I never set a password for it so I can't insert it and use the certificate. Too bad but I think it depends on the certificate.. anyway thank you very much for the help provided!
 
E

.eXa

New member
Jun 21, 2012
3
16
Aachen
so, back from vacation.

@grgur: in your setup it is the 802.1x wlan that forces you by corporate policy to lock your phone. i am still trying to figure this out, i will try and search the system where stored wlan access points are stored. update will come as i find a solution to this.

@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.


since i am in the middle of learning for my exams i have really no time to go on with my android studies... it seems like in the long haul someone has to "fix" the app that handles phone lock and device policies. i know who the bad boy is but i am lacking time right now, so hopefully i get this done by the end of august.

i'll keep you up to date with my progress.

greetings
 
  • Like
Reactions: aZooZa
P

pippodream

Member
Mar 16, 2011
30
2
As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?
 
G

grievous2004

Senior Member
Oct 23, 2010
56
23
Google Pixel 6 Pro
Google Pixel 6
.eXa said:
@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.
Click to expand...
Click to collapse
pippodream said:
As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?
Click to expand...
Click to collapse
I was using a samsung stock rom 4.0.4 and the tutorial worked but when trying to connect again it asked me for a credential pwd (that I never set). Now I'm on CM10 so there should be no problem. As soon as I get to Polimi I'll try ;)
 
Z

zsszabolcs

Member
Sep 11, 2012
5
0
doesn't work for me (SGS2 AOKP JB)

Hi!

I've tried to apply this solution to my device (SGS2 AOKP JB), but after clearing the credentials and copying back the keystores/keychains the user credentials cannot be found (Trusted credentials > User is empty).

Could anyone please help me with this one?

Thank you in advance.
 
TrojanPL

TrojanPL

Member
Jun 11, 2012
49
3
zsszabolcs said:
Hi!

I've tried to apply this solution to my device (SGS2 AOKP JB), but after clearing the credentials and copying back the keystores/keychains the user credentials cannot be found (Trusted credentials > User is empty).

Could anyone please help me with this one?

Thank you in advance.
Click to expand...
Click to collapse

I have the same problem. And unfortunately I didn't find solution for that.

Wysłane z Android 4.1.2 za pomocą Tapatalk 2
 
U

u-foka

Member
Sep 21, 2008
48
8
Sadly exchange with client certificate refuses to work after trying this hack :( It says that it can't found the cert it needs..
 
bubr3g

bubr3g

Member
Apr 21, 2012
48
19
I have found the permanent solution !!!

I hope this will solve everyone's problem here.
These are the steps I have done after installing Eduroam certificates from my university:
1. Obviously I have installed CA
2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
3. After that I have failed to swipe my lock pattern correctly 15 times
4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
5. Choose the "Unlock with your Google account" and type in your username and password
6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
7. Just press back to exit this menu.
8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
 
Last edited:
  • Like
Reactions: The Loko, gian569 and jbbandos
TrojanPL

TrojanPL

Member
Jun 11, 2012
49
3
bubr3g said:
I have found the permanent solution !!!

I hope this will solve everyone's problem here.
These are the steps I have done after installing Eduroam certificates from my university:
1. Obviously I have installed CA
2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
3. After that I have failed to swipe my lock pattern correctly 15 times
4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
5. Choose the "Unlock with your Google account" and type in your username and password
6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
7. Just press back to exit this menu.
8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
Click to expand...
Click to collapse

It won't work for me. After 10 failures it says that I have to wait 30 seconds for another try. I have Samsung Galaxy SII with Omega v21 (based on Samsung-stock Android 4.2.1).
 
A

astarothcy

Member
Oct 27, 2012
27
7
Hi, this seems almost too easy, and it's more of a workaround than a solution, but it works:

  1. Try to login to your network
  2. Accept the request to set up the mandatory screen lock and set one up (any kind)
  3. Connect to your network
  4. Go into Android settings/Security and change the screen lock type to None
  5. Your network credentials are now saved and there is no longer a screen lock.
 
System of a pWne!^

System of a pWne!^

Senior Member
Aug 3, 2010
189
12
www.daggeringcats.com
astarothcy said:
Hi, this seems almost too easy, and it's more of a workaround than a solution, but it works:

  1. Try to login to your network
  2. Accept the request to set up the mandatory screen lock and set one up (any kind)
  3. Connect to your network
  4. Go into Android settings/Security and change the screen lock type to None
  5. Your network credentials are now saved and there is no longer a screen lock.
Click to expand...
Click to collapse

The last time I tried this with my CyanogenMod install, removing a pattern/password/pin was not possible because of the certificates. Only after removing the certificates, the screen-lock-type could be changed to a non-pattern/pin/password type.
 
You must log in or register to reply here.

Similar threads

Snoop05
[OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3
Replies
2K
Views
7M
فكري الشراعي
فكري الشراعي
fivefour
OUTDATED - [MOD] CrossBreeder - Lag-/Entropy+/DNS+/Tether+/Ads-/Censors-/.bit support!!
Replies
7K
Views
2M
fivefour
fivefour
Chainfire
  • Locked
[CENTRAL] CF-Auto-Root
Replies
2K
Views
3M
Chainfire
Chainfire
M
[GUIDE][HOW-TO]Crack android pattern lock!
Replies
174
Views
739K
A
ashish.9719
piraterex
  • Poll
[Android][Guide]Hacking And Bypassing Android Password/Pattern/Face/PI
Replies
201
Views
1M
insomniacno1
insomniacno1

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 15
    E
    .eXa
    Hello folks,

    idk if anyone of you guys had a hard time with the same annoying 'feature' on ics roms which forces you to set a PIN/password/pattern lock when you try to install enterprise certificates into your credential storage.

    As for myself I need some of these certs to log into the WLAN at my university (which is 802.1x protected). But I don't feel the need of locking my phone.

    So I exploited this to go around setting a password for the secure lock screen.

    -------------------------------------------------------------------------------

    Prerequisites are a rooted phone, a root file browser or adb tools and apparently your certificates.

    I tested this on AOKP build 38 and 39 on a rooted HTC Sensation XE and will check this on two other devices the upcoming week.

    UPDATE: seems to work even easier, I made the changes inline since the previous workaround did not work in every case.



    Step 1:
    Download the certificates to your SD card and/or install directly via browser/email etc. Do as you are asked and set up a PIN/password/pattern lock. Remember it ;)

    Step 2:
    now with your root file browser go to /data/misc/ and recursively copy the folders keychain and keystore to a save place.
    These are the folders containing the certificate files.
    (See [System settings > security > Trusted credentials] for installed certificates)

    With adb tools you can for example do this:

    Code: 
    adb shell
su
cp -R /data/misc/keychain /sdcard/certificates/
cp -R /data/misc/keystore /sdcard/certificates/
    Step 3:
    Go to [System settings > security] and click [Clear credentials] at the bottom of the menu. Now your previously installed certs are wiped and you are free to set the lock method to [none], [slide] or [face lock] again.

    Step 4:
    Finally fire up your root file browser again, set /system as read/write and copy the in Step 2 backed up directories back to /data/misc/. They are now installed as the before but since CertInstaller.apk does not get involved, noone forces you to lock your phone.

    in adb shell:
    Code: 
    cp -R /sdcard/certificates/* /data/misc/
    Now you should be able to find your newly added certificates in the System list under [System Settings > Security > Trusted credentials] in the [User] tab and thus be able to log into your desired WLAN.

    I hope this helps some people out there. When I get deeper into developing maybe I will find a 'cleaner' method for this.

    have a good night,

    .eXa
    View
    3
    bubr3g
    bubr3g
    I have found the permanent solution !!!

    I hope this will solve everyone's problem here.
    These are the steps I have done after installing Eduroam certificates from my university:
    1. Obviously I have installed CA
    2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
    3. After that I have failed to swipe my lock pattern correctly 15 times
    4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
    5. Choose the "Unlock with your Google account" and type in your username and password
    6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
    7. Just press back to exit this menu.
    8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
    View
    1
    E
    .eXa
    so, back from vacation.

    @grgur: in your setup it is the 802.1x wlan that forces you by corporate policy to lock your phone. i am still trying to figure this out, i will try and search the system where stored wlan access points are stored. update will come as i find a solution to this.

    @grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.


    since i am in the middle of learning for my exams i have really no time to go on with my android studies... it seems like in the long haul someone has to "fix" the app that handles phone lock and device policies. i know who the bad boy is but i am lacking time right now, so hopefully i get this done by the end of august.

    i'll keep you up to date with my progress.

    greetings
    View
    1
    gian569
    gian569
    bubr3g said:
    I have found the permanent solution !!!

    I hope this will solve everyone's problem here.
    These are the steps I have done after installing Eduroam certificates from my university:
    1. Obviously I have installed CA
    2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
    3. After that I have failed to swipe my lock pattern correctly 15 times
    4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
    5. Choose the "Unlock with your Google account" and type in your username and password
    6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
    7. Just press back to exit this menu.
    8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
    Click to expand...
    Click to collapse

    you crazy man it really works!!!
    View
    1
    bubr3g
    bubr3g
    TrojanPL said:
    It won't work for me. After 10 failures it says that I have to wait 30 seconds for another try. I have Samsung Galaxy SII with Omega v21 (based on Samsung-stock Android 4.2.1).
    Click to expand...
    Click to collapse

    Well of course, when you fail you sholud have a button in bottom right corner, something like this on the picture
    1v0BNEscBOB7KE7Jhcvf6LiBGKz1.png


    Btw, after you reboot your device it could stop working so you should do the whole thing from step 1
    View

New posts